Hi,

I have made some progress in building and testing the PKCS#11 module
under Windows, so I would like to share it and ask a few things to which
some PKCS#11 developer may know the answer, or at least point me
in the right direction.

So, I have built all the MuscleCard modules, this time from SVN. I have
successfully installed the PKCS#11 module in Firefox and logged into the
token.

After that I have tried some testing based on tools proposed by Karsten
- keytool and Sun PKCS#11 Provider. They are very nice and pretty simple
to configure and start working. I have successfully generated a keypair
using:

>keytool.exe -keystore NONE -storetype PKCS11 -genkey -dname
"CN=dg,OU=LS,O=GP,C=HR" -alias dgambin -keyalg "RSA" -validity 365
-keysize 1024

> keytool.exe -keystore NONE -storetype PKCS11 -list gives me:

Keystore type: PKCS11
Keystore provider: SunPKCS11-musclePKCS11

Your keystore contains 1 entry

dgambin, keyEntry,
Certificate fingerprint (MD5):
61:64:94:71:A2:B0:E0:22:5D:01:27:9E:E9:5C:4C:E6

But trying to generate the CSR using:

>keytool.exe -keystore NONE -storetype PKCS11 -certreq -alias dgambin
-file certreq.txt, I get errors.

Since I am able to log everything now, here is the part of the log with
complete APDUs sent. Maybe someone can help me out or at least tell me
what is wrong or maybe not implemented in the current Muscle PKCS#11
that should be done to support the CSR generation:

->: 00 a4 04 00 06 a0 00 00 00 01 01
<-: 90 00
->: [INS_GET_STATUS] b0 3c 00 00 10
<-: 00 01 00 07 00 00 17 70 00 00 10 50 02 02 00 00 90 00
->: [INS_LIST_PINS] b0 48 00 00 02
<-: 00 03 90 00
Enter keystore password:  00000000
->: [INS_VERIFY_PIN] b0 42 01 00 08 30 30 30 30 30 30 30 30
<-: 90 00
->: [INS_LIST_KEYS] b0 3a 00 00 0b
<-: 00 03 ff 04 00 ff ff 00 02 00 02 90 00
->: [INS_READ_OBJ] b0 56 00 00 09 6b 30 00 00 00 00 00 00 07
<-: 00 6b 30 00 00 00 b3 90 00
->: [INS_READ_OBJ] b0 56 00 00 09 6b 30 00 00 00 00 00 07 b3
<-: 00 00 01 20 00 80 81 ba c6 d2 7d e1 70 48 9a 1b 1d 51 d8 be c0 05 34
40 c6 b
6 49 2c 88 8b b5 d2 26 f3 0d 8d 8b c8 a2 5e 4a bf 61 10 13 07 ca 09 37
9c 7d 29
36 aa a1 78 e1 20 64 0a 2c 03 c8 97 16 5f e4 82 ca 4f 8a 2b dd 74 d3 28
b7 a8 fc
 4b 1c 44 26 96 46 53 8a 47 fa b5 ac e9 b9 86 3d 84 8d 55 5d c4 0c 9e d2
21 3f 6
c cd ad 56 31 56 6d ed c6 c1 87 86 30 49 4c 38 9d bf e4 14 a2 b5 f4 1e
ad 08 82
b6 41 00 00 01 02 00 05 67 61 6d 62 61 00 00 01 00 00 04 00 00 00 00 00
00 00 02
 00 01 01 00 00 00 00 00 04 03 00 00 00 00 00 00 01 00 01 01 90 00
->: [INS_LIST_KEYS] b0 3a 01 00 0b
<-: 01 01 ff 04 00 00 00 00 02 00 02 90 00
->: [INS_READ_OBJ] b0 56 00 00 09 6b 31 00 00 00 00 00 00 07
<-: 00 6b 31 00 00 00 a4 90 00
->: [INS_READ_OBJ] b0 56 00 00 09 6b 31 00 00 00 00 00 07 a4
<-: 00 00 01 22 00 03 01 00 01 00 00 01 20 00 80 81 ba c6 d2 7d e1 70 48
9a 1b 1
d 51 d8 be c0 05 34 40 c6 b6 49 2c 88 8b b5 d2 26 f3 0d 8d 8b c8 a2 5e
4a bf 61
10 13 07 ca 09 37 9c 7d 29 36 aa a1 78 e1 20 64 0a 2c 03 c8 97 16 5f e4
82 ca 4f
 8a 2b dd 74 d3 28 b7 a8 fc 4b 1c 44 26 96 46 53 8a 47 fa b5 ac e9 b9 86
3d 84 8
d 55 5d c4 0c 9e d2 21 3f 6c cd ad 56 31 56 6d ed c6 c1 87 86 30 49 4c
38 9d bf
e4 14 a2 b5 f4 1e ad 08 82 b6 41 00 00 01 02 00 05 67 61 6d 62 61 00 00
00 00 00
 04 02 00 00 00 90 00
->: [INS_LIST_KEYS] b0 3a 01 00 0b
<-: 90 00
->: [INS_LIST_OBJECTS] b0 58 00 00 0e
<-: 63 30 00 00 00 00 01 00 00 00 00 02 00 02 90 00
->: [INS_LIST_OBJECTS] b0 58 01 00 0e
<-: 43 30 00 00 00 00 01 de 00 00 00 02 00 02 90 00
->: [INS_READ_OBJ] b0 56 00 00 09 43 30 00 00 00 00 00 00 c8
<-: 30 82 01 da 30 82 01 43 02 04 45 26 0d 7d 30 0d 06 09 2a 86 48 86 f7
0d 01 0
1 04 05 00 30 34 31 0b 30 09 06 03 55 04 06 13 02 48 52 31 0b 30 09 06
03 55 04
0a 13 02 47 50 31 0b 30 09 06 03 55 04 0b 13 02 4c 53 31 0b 30 09 06 03
55 04 03
 13 02 64 67 30 1e 17 0d 30 36 31 30 30 36 30 38 30 32 30 35 5a 17 0d 30
37 31 3
0 30 36 30 38 30 32 30 35 5a 30 34 31 0b 30 09 06 03 55 04 06 13 02 48
52 31 0b
30 09 06 03 55 04 0a 13 02 47 50 31 0b 30 09 06 03 55 04 0b 13 02 4c 53
31 0b 30
 09 06 03 55 04 03 13 02 64 67 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01
01 01 0
5 00 03 81 8d 00 30 81 89 02 81 81 00 81 ba 90 00
->: [INS_READ_OBJ] b0 56 00 00 09 43 30 00 00 00 00 00 c8 c8
<-: c6 d2 7d e1 70 48 9a 1b 1d 51 d8 be c0 05 34 40 c6 b6 49 2c 88 8b b5
d2 26 f
3 0d 8d 8b c8 a2 5e 4a bf 61 10 13 07 ca 09 37 9c 7d 29 36 aa a1 78 e1
20 64 0a
2c 03 c8 97 16 5f e4 82 ca 4f 8a 2b dd 74 d3 28 b7 a8 fc 4b 1c 44 26 96
46 53 8a
 47 fa b5 ac e9 b9 86 3d 84 8d 55 5d c4 0c 9e d2 21 3f 6c cd ad 56 31 56
6d ed c
6 c1 87 86 30 49 4c 38 9d bf e4 14 a2 b5 f4 1e ad 08 82 b6 41 02 03 01
00 01 30
0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 03 81 81 00 56 1f 26 a1 e2 37
7a e1 70
 89 7b cb 39 80 08 63 0f f5 a5 66 1c a9 f2 1e e1 2b 4a ff e4 b8 d6 5b 67
1a e1 1
e cf 52 58 67 cc d5 88 98 87 8e 7a df 6d 84 90 00
->: [INS_READ_OBJ] b0 56 00 00 09 43 30 00 00 00 00 01 90 4e
<-: f6 83 d9 74 38 dd 9e 72 2f cb 46 75 a3 ef 85 9f 99 73 38 8f 10 72 a7
ee cd 0
d f4 ea 96 38 ae d3 32 9d 18 92 04 55 97 6d b9 a0 01 d4 2b fb 32 3c 03
8a cf 2e
44 db fa ff 65 1d 10 e6 65 d1 91 5d 65 a5 f6 8b 22 f0 35 61 d3 9f 75 eb
b0 33 90
 00
->: [INS_READ_OBJ] b0 56 00 00 09 63 30 00 00 00 00 00 00 07
<-: 00 63 30 00 00 00 31 90 00
->: [INS_READ_OBJ] b0 56 00 00 09 63 30 00 00 00 00 00 07 31
<-: 00 00 01 02 00 05 67 61 6d 62 61 00 00 00 03 00 05 67 61 6d 62 61 00
00 00 8
0 00 04 00 00 00 00 00 00 00 00 00 04 01 00 00 00 00 00 00 01 00 01 01
90 00
->: [INS_LIST_OBJECTS] b0 58 01 00 0e
<-: 6b 31 00 00 00 00 01 00 00 00 00 02 00 02 90 00
->: [INS_LIST_OBJECTS] b0 58 01 00 0e
<-: 6b 30 00 00 00 00 03 00 00 02 00 02 00 02 90 00
->: [INS_LIST_OBJECTS] b0 58 01 00 0e
<-: 9c 12
keytool error: java.security.ProviderException:
sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_TYPE_INVALID

thanks for any help

regards, dejan





_______________________________________________
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
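
An added example, not part of the original post or of the MuscleCard code: a small Python helper for traces in the log format shown above. It rejoins hex dumps that the mail client wrapped mid-byte, lists the commands whose response does not end in 90 00, and masks the PIN carried in the VERIFY_PIN command (b0 42) and in the echoed password prompt before a trace is shared. The sample trace and its PIN are constructed; the function names are hypothetical.

```python
import re

# Constructed sample in the post's log format; the PIN is made up. One response
# is wrapped mid-byte, the way the mail client wrapped the original dump.
SAMPLE = """\
->: [INS_LIST_PINS] b0 48 00 00 02
<-: 00 03 90 00
Enter keystore password:  1234
->: [INS_VERIFY_PIN] b0 42 01 00 04 31 32 33 34
<-: 90 00
->: [INS_READ_OBJ] b0 56 00 00 09 6b 30 00 00 00 00 00 00 07
<-: 00 6b 30 00 00 00 b
3 90 00
->: [INS_LIST_OBJECTS] b0 58 01 00 0e
<-: 9c 12
"""

MARK = re.compile(r"^(->|<-):\s*(?:\[(\w+)\]\s*)?(.*)$")
HEXLINE = re.compile(r"^[0-9a-fA-F\s]+$")
VERIFY = re.compile(r"^(->:\s*(?:\[\w+\]\s*)?b0 42 \w\w \w\w (\w\w))(?: \w\w)*\s*$", re.I)

def parse_trace(text):
    """Return [(direction, ins_name, bytes)], rejoining wrapped hex lines."""
    records = []
    for line in text.splitlines():
        m = MARK.match(line)
        if m:
            records.append([m.group(1), m.group(2), m.group(3)])
        elif records and line.strip() and HEXLINE.match(line):
            records[-1][2] += line  # continuation; console text is skipped
    # Dropping all whitespace before decoding repairs bytes split across lines.
    return [(d, n, bytes.fromhex("".join(h.split()))) for d, n, h in records]

def failures(records):
    """Commands whose response does not end in status word 90 00."""
    return [(name, cmd.hex(" "), rsp[-2:].hex())
            for (d1, name, cmd), (d2, _, rsp) in zip(records, records[1:])
            if d1 == "->" and d2 == "<-" and rsp[-2:] != b"\x90\x00"]

def redact(text):
    """Mask VERIFY_PIN data bytes and the echoed password; Lc (PIN length) stays."""
    out = []
    for line in text.splitlines():
        m = VERIFY.match(line)
        if m:
            line = m.group(1) + " xx" * int(m.group(2), 16)
        elif line.startswith("Enter keystore password:"):
            line = "Enter keystore password:  <redacted>"
        out.append(line)
    return "\n".join(out) + "\n"
```

Run `redact()` on the raw text and `parse_trace()` on the unredacted copy; the masked bytes are no longer valid hex.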
